Mobile phone is received method and the device that data are carried out virus scan and processing
Technical field
The present invention relates to preventing virus and killing method and the device that removes virus of a kind of mobile phone, specifically, is method and the device that carries out gas defence and virus killing about the data that receive at mobile phone.
Background technology
Along with popularizing that mobile phone is used, the particularly smart mobile phone widespread usage in people's life, mobile phone is connected on the diverse network more and more, the business of realization information and exchanges data.This just makes mobile phone become the object of attack of various viruses inevitably.Therefore, in mobile phone, carry out gas defence, the virus killing seem very necessary.
Than computer, its oneself characteristics are arranged for the gas defence of mobile phone, virus killing.At first, mobile phone all can't be compared with computer on the size of internal memory still is the processing speed of CPU, therefore needs to improve as much as possible the sweep speed of carrying out gas defence and virus killing, to reduce taking cpu resource.And from several mobile phone viruses of present discovery, the mobile phone infective virus has its specific channel.
Summary of the invention
The objective of the invention is own characteristic according to above-mentioned mobile phone a kind of method of the virus of protecting from infection and gas defence, virus killing device are provided.
Purpose of the present invention is achieved through the following technical solutions:
According to of the present invention a kind of, comprise the steps: receiving the method that data are carried out virus scan and processing
Step 1 is tentatively filtered the data that receive, and extracts the suspicious data section;
Step 2 is carried out secondary filter to the suspicious data section of extracting, and whether check has viral element to exist;
Step 3 is pointed out the user and is made respective handling according to scanning result.
Further, step S
1In said the data that receive are tentatively filtered, the multimedia message that is meant that mobile phone receives or the packet of Email, tentatively scan, coded system according to multimedia message, find header and body information, find out the accessory information that comprises, if find that the feasibility file is arranged or comprise some current Virus Name files by name by the decoded information head, then they are defined as suspicious content, and this segment data section is directly extracted;
Step S
2In saidly the suspicious data section of being extracted carried out the second time filter, be meant whether the feature code inspection according to the various viruses of having found has viral element to exist;
Wherein step 3 comprises: 1) preserve all data; 2) delete whole packet; 3) delete viral packet; 4) all data of shielding viral source side.
According to same total inventive concept, a kind of device that mobile phone reception data are carried out virus scan and processing of the present invention, comprise the decoded packet data submodule that connects with data flow successively, the first submodule that filters, suspicious data extracts sub-piece, secondary filter submodule and virus treated submodule, and normally receive submodule, wherein:
This decoded packet data submodule, the multimedia message that it receives mobile phone or the packet of Email are decoded, and find out header and body information according to coded system;
Should filter submodule for the first time, itself and decoded packet data submodule connect with data flow, find out the accessory information that comprises by the decoded information that receives, to containing enforceability files such as exe, sis, or contain some virus documents that name is called current discovery and all be defined as suspicious content, otherwise, be defined as normal content, contain viral data segment and normal data section thereby be separated into to doubt, make first filtration;
This suspicious data extracts submodule, and it connects with data flow with the first submodule that filters, and receives separate doubtful and contains viral data segment;
Be somebody's turn to do the normal submodule that receives, it connects the normal data section that reception is separated with the first submodule that filters mutually with data flow; This secondary filter submodule, itself and suspicious data extract submodule and connect with data flow, doubtfully contain viral data segment to what send here, whether have according to the various virus pattern code inspections of having found and to contain viral element, separate the normal data section that contains viral element, with contain containing of viral element of viral data segment, and the normal data section is sent into normal reception submodule; This virus treated submodule, it makes corresponding processing to the viral data segment that the secondary filter submodule is sent here according to user instruction.
Further, said virus treated submodule comprises the whole packet of deletion according to user instruction to the processing that mobile phone receives data, or only the data segment of virus is carried in deletion; Or all data that shielding viral source side sends after the user confirms.
Positive progressive effect of the present invention is: at the specific channel of mobile phone PI virus and the characteristics of data transmission format, provide a kind of high efficiency virus scan method and device.
Description of drawings
Fig. 1 is a program circuit schematic diagram of the present invention;
Fig. 2 is a block diagram of the present invention.
Embodiment
Provide preferred embodiment of the present invention below in conjunction with Fig. 1 and Fig. 2, and described in detail,, rather than be used for limiting scope of the present invention so that those skilled in the art are easier to understand architectural feature of the present invention and functional characteristics.
As Fig. 1, a kind of to receiving the program 1000 that data are carried out virus scan and processing:
Step 1000 mobile phone receives the packet of a multimedia message or Email;
Step 1001,1002, at first the packet that receives is carried out preliminary scanning, coded system according to multimedia message finds header and body information, finds out the accessory information that comprises by the decoded information head, if find to have enforceability files such as .exe .sis, the file that perhaps comprises some Virus Names of current discovery by name, then they are defined as suspicious content, execution in step 1003,1004; Otherwise execution in step 1005 normally receives data;
Step 1003 is if find the suspected virus content, just this data segment is directly extracted;
Step 1004 is carried out rescan to the data segment that extracts, has step 1006 checked that according to the feature code of the various viruses of having found viral element exists? if it is virus-free existence makes execution in step 1005, normal. receive data; Otherwise execution in step 1007 if there is virus to exist, just pointed out the user, and is made corresponding processing according to user's instruction: can delete whole packet; Also only the data segment of virus is carried in deletion; Can also confirm all data that shielding viral source side, back sends the user.
Like this, just can scan whole packet, dwindle examination scope, thereby accelerate processing speed.And, after the discovery virus, can realize a virus-isolating data, keep normal data message.
See also Fig. 2, as shown in the figure, mobile phone gas defence of the present invention, virus killing module comprise the decoded packet data submodule 11 that connects with data flow successively, the first submodule 12 that filters, suspicious data extracts submodule 13, secondary filter submodule 14 and virus treated submodule 15, wherein:
This decoded packet data submodule 11, the multimedia message that mobile phone is received or the packet of Email are decoded, by the decoded information head, and find out the accessory information that comprises, if find to have the feasibility file, for example, exe, sis etc. or include some existing Virus Name files then are defined as suspicious content with them.Sending into first filtration submodule 12 filters for the first time, then, extracting submodule 13 through suspicious data again checks, if do not find suspicious content, then normal reception submodule 16 is sent in output, if find to have suspicious content, then secondary filter submodule 14 is taken out and sent into to this suspicious data section and carry out secondary filter, afterwards, confirm that virus-free element exists, must send into normal. receive submodule 16, if find to also have virus to exist, then send into virus treated submodule 15 and handle, or delete whole packet, or only deletion contains the data segment of virus, or shield all data that viral source side sends.